Showing posts with label phishing.

Sunday, July 16, 2017

Digital Dangers: Ransomware

Ransomware protection tips
Ransomware is, in effect, a monetized version of malware: malicious software designed to extort money from its victims. It takes control of victim data and threatens to publish or purge it pending payment.

The rise and spread of ransomware are of concern globally and locally.  Recent reports of WannaCry, Petya and NotPetya, amongst others, wreaking havoc on international systems are becoming more frequent.

Earlier this year, SchoolManagerJa, a cloud-based grade administration tool for local educational institutions, found its data encrypted by outsiders, blocking access to it. The hackers demanded the handsome sum of US$5,000.00 for the release of the data.

Neither SchoolManagerJa nor the 14 schools affected paid the ransom.  In a Gleaner report, SchoolManagerJa owner Michael Dingwall commented, “I can't pay them. Even if I should pay them, it's almost certain they would not unscramble it [the data] because what they did is a crime. All I would be doing if I pay them is contribute to a crime to help them to do this to other people, and, perhaps, to come back and do it to me in the future.”

Many other local cases remain unreported.

Ransomware is disseminated in various ways. Phishing and click bait are common routes by which malware infects systems and exploits security holes, like outdated and vulnerable operating systems (OS), to launch its destructive capacities.

Hackers often request payment in Bitcoin, a hard-to-trace cryptocurrency. Security experts advise victims not to pay ransom for data because there is no guarantee of recovery. Further, each payment encourages hackers to deploy ever-improving ransomware efforts.

There is no foolproof way to shield your system from a ransomware attack, but by following these seven steps, you increase your odds of keeping your data safe.

Tip 1: Schedule and run frequent security checks

Tip 2: Install or update to the latest OS, software and security updates and patches

Tip 3: Update and run anti-virus and anti-malware software frequently

Tip 4: Encrypt and frequently back up sensitive data

Tip 5: Create a unique username and password for every account and change regularly

Tip 6: Clear cloud-based messaging app conversations

Tip 7: Beware of public Wi-Fi; use a VPN, private browser and a firewall for maximum protection

RJR's Tech4Life airs on @RJR94FM every Wednesday at 8:15 am


Saturday, July 15, 2017

Digital Dangers - Quizzes and Memes

It all seems so cute and innocent.  A friend posts a list of all the great concerts they attended to their timeline and encourages you to do the same.  Or maybe, you saw a friend post results from a quiz that revealed something new and you consider trying it too.

STOP.

Be very wary of Facebook quizzes and memes! It’s true, they may seem fun, but they can also be dangerous. Yes, dangerous! Think about the information that you share: Pages you like (places you do business), Mom’s name in the About Me section (a security question and answer).

These unassuming quizzes may deliberately, or unwittingly, reveal your personal data to third parties like marketers or hackers. They are not necessarily as harmless as they purport to be. At worst, they are click bait, designed to lead users to other sites. At best, they reveal personal information that, in the wrong hands, can be extremely damaging.

Spotting the Danger

Let’s start with the third party quizzes that are prolific on Facebook and that FB is actively trying to limit.  Some of these quizzes do ask permission before posting in your name to the platform.  When they did, did you read their privacy policy?  I’d be willing to bet you didn’t.  If they have access to post on your behalf, what else could they post as you?  How would friends know that you didn’t really initiate the post?

Let’s look at the memes.  Unlike the third party apps, memes just appear as a post from a friend with lots of personal information on them and an invitation for you to share as well and “continue the chain”.  But take a closer look; the answers being revealed are often closely related to common security questions or can provide clues for an effective spear phishing attack.

Steering Clear

If you’d like to avoid unnecessary exposure to hacking and targeted marketing, I highly recommend that you stop using Facebook, Twitter or Google to log into third party apps.  Also, take a moment to review, and as necessary revoke, third party app access to your accounts.  I know it’s tedious, but it is recommended that you have a separate username and a strong, long, unique password for every account.  No short cuts (unless of course, you consider a password manager as a short cut, in which case, go right ahead).

Be vigilant in the protection of your privacy.

Tech4Life airs every Wednesday morning at 8:15 AM


Wednesday, April 19, 2017

How to Protect Your Credit Card Online

In this day and age, the only way to be sure that your credit card is safe is to not have one. Of course, the practical consequence of not having a credit card is no online shopping, no convenient on-the-go purchases and no easy digital management of various expenses.

Even mobile payments are tied to credit cards with precious few options to avoid the ubiquitous payment method.

Since not having a credit card is not practical (for me at least), let’s look at some tips to add security in an unsure cyber world.

Do Use Secure Sites with HTTPS 

It goes without saying that you should only share your credit card information with trusted sites, but how do you know you can trust the site? Well, one thing to look out for is a little lock icon in your browser representing HTTPS; the ’s’ stands for secure (the HTTP means Hypertext Transfer Protocol, if you’re interested). Traffic on sites designated with HTTPS is encrypted.

Reputable shopping sites like Amazon and even smaller shopping sites can make use of encryption to add another layer of protection to your personal financial information. If it ain’t got the ’s’, don’t drop the $. Simple.

Do Monitor Statements 

Online shopping is so convenient.  So too, is checking your statement online.  And the two should never be separated.  Continuous monitoring of your transactions with a view to quickly identify and immediately report suspicious charges is a requirement of responsible online shopping practices.

If you consider even that too much, automate the process. Have your credit card company text you after every transaction and report any fraudulent transactions faster than a Lamborghini can do zero to 60 mph.

Do Use Unique Passwords

Sure.  It can be a pain to use a different password for every site.  But, it is necessary.  Even reputable businesses can be compromised putting your other accounts in danger.  Unique passwords can help stop hackers in their tracks and keep their nefarious actions at bay.

Develop a system to help you remember the passwords or use a password manager like 1Password or LastPass. If you’re a Mac, consider the free, built-in, seamless iCloud Keychain.

Regardless of which system you use, do immediately, if not already done, upgrade to two-factor authentication (2FA) on every account that offers the option.  2FA also adds an extra layer of security; in many cases when logging in, users have to enter a code issued via a text, an app or dedicated device, in addition to the correct password.


Do Secure Your Network

That “free” hotspot is tempting.  But nothing in life is truly free.  Many ask you to register your email address and then hit you with spam.  Some are not secure, deliberately or accidentally.  Tempting as it may be, use secure mobile data, a Wi-Fi analyzer to assess the network or a VPN (Virtual Private Network) to “scramble” your internet signals.

If you must jump on to a hotspot unprotected, avoid open networks (no password requirement), check with the proprietor to ensure the SSID is not being spoofed, light up a firewall, and limit your online traffic to the essentials.

Make sure your system OS (Operating System), software, apps, anti-virus and anti-malware are all up to date.

Do Consider Alternatives

PayPal and similar services put ‘distance’ between your credit card and the merchant.  Many credit card companies offer excellent alternatives like ‘disposable’ card numbers and secondary PIN verification for transactions.

Don’t Email/IM Credit Card Info

This advice has been repeated over and over and over again.  Yet we keep doing it.  Never, never send your credit card number, expiration date and/or CIS, your PIN or your password via an email message or instant message (IM).

Even if you think your email account is impenetrable (and it is not), the recipient's account could be compromised leaving you exposed.  It is just not worth it.

Don’t Auto Complete Card Numbers

Browsers, under the guise of being helpful, offer to auto-complete forms.  It’s a great idea for when you type your name, not so much when typing your credit card information.  Consider turning off this feature for all sensitive financial data and key in the numbers yourself.

In that same vein, don’t store your card information on the site.  Many sites encourage you to create accounts (with your card information) to make future transactions easier.  Don’t trade ease for security and opt, where possible, not to permanently hand over your account digits.

Don’t Respond to Suspect Email

This one is hard.  Phishing emails are becoming more sophisticated and more difficult to spot.  The email may appear to come from your bank, or your boss or your spouse and ask you to verify your information by clicking on a link.  There are countless other scenarios that appear legitimate but are not.  Don't assume the sender is who they say they are just because they have some information.

The bottom line: be VERY careful. Pick up the phone and call your financial institution, go directly to the official website and avoid clicking on the link, update your virus protection systems, never auto-download attachments and be very suspicious of almost everything. Paranoid much? Perhaps. Protected? Definitely.

Don’t Withdraw Cash Unnecessarily

Aside from being hit with high fees for each withdrawal, you have to watch out for skimmers on ATMs, so the fewer trips to the ATM, the better.

Try to withdraw a little more cash than you immediately need, use your smartphone to make a video recording of the transaction, photograph and keep your receipt, only use well-lit ATMs in high-traffic/well-populated areas and inspect the machine before and after use. This, along with vigilant monitoring of your online statements, should help reduce the incidence of fraud.

Sources:
Daily Telegraph
Bank of America

Tech4Life airs on @RJR94FM every Tuesday morning at 8:15 am

Sunday, February 15, 2015

T4L - New Age Protection

I am updating my tips for being safe online. After all, it is a new year and there are new threats out there. What worked last year simply may not be enough for 2015. So here goes; make some time to not only read but act on these safety steps.



Step 1: Back up, run anti-virus, back up again
Do it now, do it again and again.  Only the first back up is hard, each subsequent back up is incremental and therefore doesn’t take much time.  Backing up is your first and best defense against data loss which can happen for more reasons than I have space to mention.  Many systems can automate the process to an external drive or cloud service, so your only excuse is .. none.

Make sure that you download, install, run and update a good anti-malware programme, even for your mobile device.  Get rid of or prevent viruses, adware, spyware and other wares designed to destroy your life.

Step 2: Set Strong Unique Passwords
Passwords can be a pain, but they are also your first line of defense against attacks. Forget the old rules: passwords now need to be longer than eight characters, need not be a recognizable word and need to be unique for each account. Yes, you read that right - each account. Since remembering scores of complicated passwords would be too much, it is time to break out a good password manager to keep things in check.

Step 3: Secure Everything
It can be tempting to jump on a free WiFi hotspot, skip the hassle of configuring a firewall or browse quickly through unsecured websites, but try to remember how temptation worked out for Eve.

Take a moment to set up a new password on your home wireless router and all internet-enabled devices like IP cameras. Take a moment to set up a firewall on your router, turn off Discovery and disable file sharing, especially if you plan to log on to public WiFi.

Step 4: Avoid Scams
Certainly it is not recommended that you click on links in email, but if you do, make sure there is a little lock showing in your browser window confirming that the site is secure.

Speaking of security, secure your credit card by using a dedicated ‘online card’ issued by your bank, a one-time/pre-paid card or a service like PayPal to create a safety zone around your prized plastic.

Online email services like Google, Yahoo! and Outlook all offer built in virus scanners to reduce the likelihood of nefarious downloads, but it is good to remain vigilant.

Step 5: Repeat
Yes, repeat. Continuous protection requires continuous updating.

Here’s to a safe 2015!

Tech4Life airs every Wednesday @ 8:15am on RJR94FM